Securing URLs with the Secure Link Module in NGINX

Andrew Andonopoulos andre8525 at hotmail.com
Thu Jun 6 23:00:13 UTC 2019


Hello,

I have a project to build a caching server for HLS with nginx which is using S3 as an origin. I completed this task and everything is working as expected.

Now the next task is to use secure link to secure m3u8 and ts files. I used the instructions from this URL but i was getting 403 for all files:
https://www.nginx.com/blog/securing-urls-secure-link-module-nginx-plus/


However i changed it little bit and i used the following (without map) and i was able to get 200 for only the URI, so i presume that the secure link with NGINX is working:

secure_link $arg_md5,$arg_expires;
secure_link_md5 "enigma$uri$secure_link_expires";

if ($secure_link = "") { return 403; }
if ($secure_link = "0") { return 410; }



When i try with map i always getting 403. So i am wondering if the free version of nginx doesn't support it and if i need to purchase the commercial version.

Do you have a working example for HLS and map? This is the one that i was using:

map $uri $hls_uri {
       ~^(?<base_uri>.*).m3u8$ $base_uri;
       ~^(?<base_uri>.*).ts$   $base_uri;
       default                 $uri;
   }



Nginx version on FreeBSD 11.x
# nginx -V
nginx version: nginx/1.17.0
built by clang 6.0.0 (tags/RELEASE_600/final 326565) (based on LLVM 6.0.0)
built with OpenSSL 1.0.2s  28 May 2019
TLS SNI support enabled
configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --user=www --group=www --modules-path=/usr/local/libexec/nginx --with-file-aio --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx/access.log --with-http_v2_module --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-pcre --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --without-mail_imap_module --without-mail_pop3_module --without-mail_smtp_module --with-mail_ssl_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads --with-mail=dynamic --with-stream=dynamic





Thank you in advance
Andrew






-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20190606/ab32ef88/attachment.html>


More information about the nginx mailing list